Visible to the public SARA: Security Automotive Risk Analysis Method

TitleSARA: Security Automotive Risk Analysis Method
Publication TypeConference Paper
Year of Publication2018
AuthorsMonteuuis, Jean-Philippe, Boudguiga, Aymen, Zhang, Jun, Labiod, Houda, Servel, Alain, Urien, Pascal
Conference NameProceedings of the 4th ACM Workshop on Cyber-Physical System Security
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-5755-5
Keywordsautomotive security, composability, control theory, pubcrawl, resilience, Resiliency, risk assessment, security, security requirements, threat analysis

Connected and automated vehicles aim to improve the comfort and the safety of the driver and passengers. To this end, car manufacturers continually improve actual standardized methods to ensure their customers safety, privacy, and vehicles security. However, these methods do not support fully autonomous vehicles, linkability and confusion threats. To address such gaps, we propose a systematic threat analysis and risk assessment framework, SARA, which comprises an improved threat model, a new attack method/asset map, the involvement of the attacker in the attack tree, and a new driving system observation metric. Finally, we demonstrate its feasibility in assessing risk with two use cases: Vehicle Tracking and Comfortable Emergency Brake Failure.

Citation Keymonteuuis_sara:_2018